In the business world, the CISO or Chief Information Security Officer is the person responsible for ensuring and upgrading information security within the organization. At home, we can apply many of the basic principles that are the foundation of the CISO role to protect and preserve our family’s private information. No matter how daunting the task may seem at first, it is really not that hard to achieve this goal without being an expert on the subject.
The number of household devices that store and handle our private details keeps growing every day. Not just computers, tablets and smartphones, but connected thermostats, vacuum cleaners, toys and even smart lightbulbs that handle our data have already made their way into many families’ lives. This new breed of ever-connected gadgets and home appliances is part of what's been called the Internet of Things, and is designed to make our lives easier, whether by helping us satisfy our entertainment cravings, interact on social media, or get through our household or professional chores.
However, due to the type of information they handle, which can be much more delicate than we may think, these devices can end up putting our privacy and data at risk. Documents, personal pics, and information on habits and shopping preferences are just some examples. In the specific case of IoT devices, to get an idea of the information they gather and handle: Smart TVs, for instance, collect data on the family’s content consumption patterns, preferences, 'online' habits and schedules (i.e., times when family members are more likely to be at home). The goal of this guide is to help you keep all these sensitive personal details safe from hackers, and prevent them from being sold in black marketplaces or even used to blackmail you.
So, to effectively protect your digital family’s data, inside and outside your home, here are the steps you need to follow:
Step 1: secure connections, inside and outside your household
- Set up your home 'router': It is advisable to change your Wi-Fi network’s name (SSID) and password. When choosing a new name, make sure to choose one that has nothing to do with your service provider, such as "my_home_wifi". Passwords should have a combination of numbers, letters and special characters, such as ".MyP@$$worD." You can also set a limit for the number of computers that connect to the 'router', using their MAC address, which is equivalent to an identity card. The Spanish Government’s Bureau of Online Security (OSI) has published a series of guidelines containing all the indications on its website. These tips are basically universal and are valid regardless of your country of residence.
- Public Wi-Fi networks: Feel free to connect to any Wi-Fi network to stream videos or check the news. But, for other things, such as downloading apps and checking your email, if you don’t know the network’s settings, it is best to use your 4G network or a VPN (more on this below).
- Use a VPN service: In public Wi-Fi networks, it is advisable to ensure the privacy of your data transfers by using a virtual private network (VPN) service. The OSI website also provides more information on how VPN services work, as well as a list of trusted providers.
Step 2: Security and privacy
- Check your devices’ configuration because their default settings may not be prioritizing the protection of your privacy. In addition, make sure to change the passwords and default names of your connected gadgets and appliances, especially those that store data online (such as webcams or health monitoring devices). Device manufacturers usually have a device configuration section on their websites.
- Installing an antivirus package on your computers, tablets and smartphones is key to protecting your information from potentially malicious programs. Click here for a list of OSI recommended antivirus software.
- Keep your antivirus, operating system, programs and apps up-to-date: Updates usually consist of security patches that solve recently discovered vulnerabilities that cyber criminals may exploit. Also, you should take into account that if you modify or tamper with your device’s stock operating system you might make it more vulnerable. In this BBVA article we explain why.
Step 3: social media and other services
- Digital identity: A person's digital identity is everything that can be found about that person by running an online search. That is why you should be aware of the type of details you want to share with the world, taking into account not only current circumstances, but also possible future ones. Before posting anything online, stop to think whether that information could be used by anyone against you.
- Change your social media and online services’ settings: tweaking your services’ privacy settings will prevent malicious users from accessing any personal data they may use for illegal purposes. Here you can find a series of tutorials that the OSI has published on the topic and learn how to securely set up the most common social media websites.
- Creating and managing passwords: You should set robust passwords and refrain from using the same one in more than one service to avoid spoofing and blackmail, since once they get their hands on a valid password, hackers normally try it out in other services. A robust password must have at least 8 characters, combining uppercase, lowercase, numbers and symbols. Do not keep your passwords written on paper, in files on your computer or as a contact on your smartphone; to store them, OSI has published on its website a list of password managers that can be installed on both mobile devices and desktop computers.
- Two-factor authentication: in the services that allow it, it is highly recommended to activate this additional layer of security that prevents unauthorized logins to your account. The most common two-factor authentication formula is one in which, besides the login password, the system requests a verification code sent via SMS to the user’s registered smartphone. This helps service providers make sure that, even if someone knows the password, they cannot enter the service.
And finally, an extra step for families with children.
Extra step: protection and assistance for children and teenagers
- Parental control: when children are small, parents can use parental control tools to protect their children and set usage limits and connection times. The Safe Internet for Kids website (which belongs to the Spanish Secretary of State for Digital Advance) offers a list of recommended and valid parental control tools in multiple countries, available for use on any device, besides an interesting guide with tips for different age-groups.
- Talking to your kids about the dangers they expose themselves to if they are not careful, and teaching them to protect their accounts and take care of their privacy, is a good strategy to keep them safe as they make their first forays into the digital world.
- Support resources: To stay up to date about how to keep your children safe online and offer them the best possible help and support, make sure to check OSI, IS4K and Conectados BBVA. www.bbva.com also publishes cybersecurity-related contents on a regular basis.
Follow these steps and stay aware of the risks: using connected devices without adopting minimum security measures can significantly undermine your personal level of security. In protecting the privacy of your household and your loved ones, you’re the most important defense.